From 27ac19511bb0c765cac69cd426c0e802c7822f3f Mon Sep 17 00:00:00 2001 From: Robert Schultheis Date: Wed, 3 Mar 2021 12:20:14 -0700 Subject: [PATCH] Add CVE-2021-21312 for GHSA-c7f6-3mr7-3rq2 --- 2021/21xxx/CVE-2021-21312.json | 82 +++++++++++++++++++++++++++++++--- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/2021/21xxx/CVE-2021-21312.json b/2021/21xxx/CVE-2021-21312.json index d3c090af060..eacffcc0528 100644 --- a/2021/21xxx/CVE-2021-21312.json +++ b/2021/21xxx/CVE-2021-21312.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21312", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Stored XSS on documents" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glpi", + "version": { + "version_data": [ + { + "version_value": "< 9.5.4" + } + ] + } + } + ] + }, + "vendor_name": "glpi-project" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: \"Web Link\" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: \" accesskey=\"x\" onclick=\"alert(1)\" x=\", the content will be saved within the database without any control. \n\nAnd then once you return to the summary documents page, by clicking on the \"Web Link\" of the newly created file it will create a new empty tab, but on the initial tab the pop-up \"1\" will appear." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2", + "refsource": "CONFIRM", + "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-c7f6-3mr7-3rq2" + }, + { + "name": "https://github.com/glpi-project/glpi/releases/tag/9.5.4", + "refsource": "MISC", + "url": "https://github.com/glpi-project/glpi/releases/tag/9.5.4" + } + ] + }, + "source": { + "advisory": "GHSA-c7f6-3mr7-3rq2", + "discovery": "UNKNOWN" } } \ No newline at end of file